package com.ttbj.shiro.filter;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;



/**
 * 在已有的Form认证授权器基础上扩展一个新的子类 
 */
public class CustomerFormAuthenticationFilter extends FormAuthenticationFilter{/*
	
	private static final Logger logger = LoggerFactory.getLogger(CustomerFormAuthenticationFilter.class);
	
	@Autowired
	private SalesmanService salesmanService;
	
	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
		// 1.如果想要取得在Session中出现的验证码，则必须取得HttpSession接口对象
		HttpServletRequest req = (HttpServletRequest) request;
		//取得当前的session对象
		HttpSession session = req.getSession();
		//取得生成的验证码
		String rand = (String) session.getAttribute("KAPTCHA_SESSION_KEY");
		System.out.println("rand...:" + rand);
		// 2.取得用户提交表单过来的验证码数据
		String code = request.getParameter("code");
		System.out.println("用户输入的验证码。。。：" + code);
		if (rand ==null || code == null || "".equals(rand) || "".equals(code)) {
			request.setAttribute("code", "验证码 不允许为空！");
			logger.debug("验证码 不允许为空！");
			return true;	//true为拒绝访问
		}else {
			if (!code.equalsIgnoreCase(rand)) {
				request.setAttribute("code", "验证码 输入错误！");
				logger.debug("验证码 输入错误！");
				return true;
			}else {
				try {
					final SalesmanDto authUserInfo = this.salesmanService.findRoleNameByName(request.getParameter("username"));
					req.getSession().setAttribute("userInfo", authUserInfo);
				} catch (BusinessException e) {
					logger.debug("用户名或密码错误1！");
				} catch (AuthenticationException e) {
					logger.debug("用户名或密码错误2！");
				}
			}
		}
		boolean loginResult = true;
		try {
			System.out.println("onAccessDenied.......");
			loginResult = super.onAccessDenied(request, response);
		} catch (Exception e) {
			loginResult = false;
			logger.debug("用户名或密码错误3！");
		}
		//操作流程继续进行
		return loginResult;
	}
*/}
